How to install and configure SSH server on Ubuntu 16.04

Linux Permissions

SSH is easily one of the first and most useful tools that gets installed on a server to perform remote system administration. Let’s learn how to install and configure it on Ubuntu 16.04 Xenial Xerus.

So what is SSH?

If you’re asking this, well you’re not in the right place. Before you go and configure a server, you should understand how SSH works and how to use its client. You can wait forever to learn a fundamental skill, or do it now reading this post.

Install SSH server

Before starting, remember that whatever you read here is only a tutorial, in real-life scenarios you should watch what you do and think carefully about the consequences.

By default, an SSH server should be already installed on your system. If that is not the case let’s install it. There are a few servers that you can choose from, but we’ll focus on OpenSSH, one of the oldest and probably the most popular one. We can install it by typing:

# apt install -y openssh-server openssh-client

This will install also the client (that is always useful). This process will also generate the host key. Next step is to start and enable the service. Since Ubuntu 15.04, Ubuntu uses systemD. So let’s do it:

# systemctl start sshd
# systemctl enable sshd

The last step is to open a port in the firewall. By default Ubuntu uses ufw (the uncomplicated firewall) as its default firewall.

# ufw allow ssh
# ufw reload

This is it. You now have a functioning SSH server. It can indeed work like this, but you should also take a few minutes to configure your new SSH server. First you should familiarize with the configuration folder: /etc/ssh . You will find a few files inside this folder, the configuration of the server resides however in the sshd_config file.

Configuring SSH server

There are many many configuration options, we’ll cover the most important ones.

Port 22                    # Tells sshd to listen on the port
AddressFamily any          # Listen on IPv4 or IPv6 only or both
ListenAddress      # Listen on the address specified, can use both IPv4 and IPv6
PermitRootLogin no         # Allow root to use ssh, it should always be set to no
MaxAuthTries 6             # Defines the number of tries allowed during login
MaxSessions 10             # Defines the maximum number of simultaneous connections
PubkeyAuthentication yes   # If set to yes enables the use of public key authentication
PasswordAuthentication yes # This will enforce key-based if set to no and ask passwords if set to yes

This is by no mean a complete list, but shows you the most used (and important) options. If you’re willing here’s the complete list. Be sure to reload sshd for the changes to take effect

# systemctl reload sshd

Also, changing the port or the address will require a restart of the SSH server.


You now know how to install and modify the basic configuration of OpenSSH server, but there are quite a few things we didn’t mention: e.g. if you wanted to change the port on which SSH listens you should change the Port option, however that wouldn’t be enough. You must inform the firewall in order for that to work (if enabled), and if they are installed also SELinux or AppArmor. Since these are quite advanced things and go beyond the scope of the article itself, we won’t address them.

Image courtesy of kev-shine

Image courtesy of Kev-shine

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.